From 0b6423f9c99d9edf8c96fefd0f6c453859395aa1 Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Mon, 30 Sep 2013 00:03:24 +0200 Subject: Import Nagios Plugins site Import the Nagios Plugins web site, Cronjobs, infrastructure scripts, and configuration files. --- web/attachments/318840-sslutils_sni.patch | 85 +++++++++++++++++++++++++++++++ 1 file changed, 85 insertions(+) create mode 100644 web/attachments/318840-sslutils_sni.patch (limited to 'web/attachments/318840-sslutils_sni.patch') diff --git a/web/attachments/318840-sslutils_sni.patch b/web/attachments/318840-sslutils_sni.patch new file mode 100644 index 0000000..4251244 --- /dev/null +++ b/web/attachments/318840-sslutils_sni.patch @@ -0,0 +1,85 @@ +diff --git a/plugins/check_http.c b/plugins/check_http.c +index c8ae67f..33a9379 100644 +--- a/plugins/check_http.c ++++ b/plugins/check_http.c +@@ -790,6 +790,9 @@ check_http (void) + die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n")); + #ifdef HAVE_SSL + if (use_ssl == TRUE) { ++ /* Set host name for SSL/TLS hostname extension support (SNI) */ ++ if (host_name) ++ np_net_ssl_set_host_name(host_name); + np_net_ssl_init(sd); + if (check_cert == TRUE) { + result = np_net_ssl_check_cert(days_till_exp); +diff --git a/plugins/netutils.h b/plugins/netutils.h +index 6bc5386..c6f863d 100644 +--- a/plugins/netutils.h ++++ b/plugins/netutils.h +@@ -96,6 +96,7 @@ void np_net_ssl_cleanup(); + int np_net_ssl_write(const void *buf, int num); + int np_net_ssl_read(void *buf, int num); + int np_net_ssl_check_cert(int days_till_exp); ++void np_net_ssl_set_host_name(const char *buf); + #endif /* HAVE_SSL */ + + #endif /* _NETUTILS_H_ */ +diff --git a/plugins/sslutils.c b/plugins/sslutils.c +index 1d4ef94..a8aee93 100644 +--- a/plugins/sslutils.c ++++ b/plugins/sslutils.c +@@ -34,6 +34,7 @@ + static SSL_CTX *c=NULL; + static SSL *s=NULL; + static int initialized=0; ++const char *host_name=NULL; + + int np_net_ssl_init (int sd){ + if (!initialized) { +@@ -48,6 +49,10 @@ int np_net_ssl_init (int sd){ + return STATE_CRITICAL; + } + if ((s = SSL_new (c)) != NULL){ ++#ifdef SSL_set_tlsext_host_name ++ if (host_name != NULL) ++ SSL_set_tlsext_host_name(s, host_name); ++#endif + SSL_set_fd (s, sd); + if (SSL_connect(s) == 1){ + return OK; +@@ -65,6 +70,9 @@ int np_net_ssl_init (int sd){ + + void np_net_ssl_cleanup (){ + if(s){ ++#ifdef SSL_set_tlsext_host_name ++ SSL_set_tlsext_host_name(s, NULL); ++#endif + SSL_shutdown (s); + SSL_free (s); + if(c) { +@@ -73,6 +81,7 @@ void np_net_ssl_cleanup (){ + } + s=NULL; + } ++ host_name = NULL; + } + + int np_net_ssl_write(const void *buf, int num){ +@@ -86,7 +95,7 @@ int np_net_ssl_read(void *buf, int num){ + int np_net_ssl_check_cert(int days_till_exp){ + # ifdef USE_OPENSSL + X509 *certificate=NULL; +- ASN1_STRING *tm; ++ ASN1_STRING *tm; + int offset; + struct tm stamp; + float time_left; +@@ -163,4 +172,8 @@ int np_net_ssl_check_cert(int days_till_exp){ + # endif /* USE_OPENSSL */ + } + ++void np_net_ssl_set_host_name (const char *buf){ ++ host_name = buf; ++} ++ + #endif /* HAVE_SSL */ -- cgit v1.2.3-74-g34f1